August 12, 2016 - Keeping up with twists and turns on the exploit kit scene, we examine a new redirection mechanism to Neutrino EK which adds fingerprinting way up the infection chain by crafting a special Flash file and uploading it on compromised hosts. This ensures proper filtering of non desirable traffic even before the gate to the exploit kit.
August 10, 2016 - In this malvertising campaign, both RIG EK and Sundown EK are used to deliver the same threat, an indication that the actor behind it is either testing or maximizing infection rates.
August 3, 2016 - In the cybercrime landscape, Exploit Kits (EKs) are the tool of choice to infect endpoints by exploiting software vulnerabilities. However, a critical component EKs rely on is web traffic, which must be directed towards them.
In this post, we take a look at what we sometimes refer to as 'gates'. Hacked websites are injected with code to an intermediary webpage that serves as the gateway to the exploit kit.
August 1, 2016 - Online crooks are abusing Google's featured snippets via compromised websites that redirect to bogus online stores. Because of their prominent placement, Blackhat SEO miscreants are extremely interested in featured snippets as they can capture a large amount of traffic and redirect it to any site of their choosing.
July 26, 2016 - We've covered the Neutrino and Magnitude exploit kits. Now we take a look at number #3, RIG EK and the different distribution paths using packet captures collected by our honeypot. The campaigns for distribution involve malvertising and compromised sites (much like all other EKs) but there is a notable diversity in how many different ways RIG EK is being loaded and the type of payloads it is serving.